{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SAP S/4HANA", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "100"}, {"status": "affected", "version": "101"}, {"status": "affected", "version": "102"}, {"status": "affected", "version": "103"}, {"status": "affected", "version": "104"}, {"status": "affected", "version": "105"}, {"status": "affected", "version": "106"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.</p>"}], "value": "The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.\n\n"}], "problemTypes": [{"descriptions": [{"description": "Cross-Site Scripting", "lang": "en"}]}], "providerMetadata": {"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap", "dateUpdated": "2023-07-10T18:07:38.847Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/3112928"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2022-22531", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP S/4HANA", "version": {"version_data": [{"version_name": "<", "version_value": "100"}, {"version_name": "<", "version_value": "101"}, {"version_name": "<", "version_value": "102"}, {"version_name": "<", "version_value": "103"}, {"version_name": "<", "version_value": "104"}, {"version_name": "<", "version_value": "105"}, {"version_name": "<", "version_value": "106"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified."}]}, "impact": {"cvss": {"baseScore": "null", "vectorString": "null", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Cross-Site Scripting"}]}]}, "references": {"reference_data": [{"name": "https://launchpad.support.sap.com/#/notes/3112928", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/3112928"}, {"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:14:55.412Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/3112928"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2022-22531", "datePublished": "2022-01-14T19:11:28", "dateReserved": "2022-01-04T00:00:00", "dateUpdated": "2024-08-03T03:14:55.412Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:s\\/4hana:100:*:*:*:*:*:*:*", "matchCriteriaId": "11051D6A-FC81-4951-ACDA-BB07D5A5D751", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana:101:*:*:*:*:*:*:*", "matchCriteriaId": "E6FE144C-BAF2-4E45-93EE-D70764BDEFD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana:102:*:*:*:*:*:*:*", "matchCriteriaId": "55BACB30-A607-410E-AB05-E991CC19CE12", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana:103:*:*:*:*:*:*:*", "matchCriteriaId": "95A0C742-4CBD-46B8-B2B3-5949EFC82A6D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana:104:*:*:*:*:*:*:*", "matchCriteriaId": "14A540DA-F234-4EEA-ADE8-4F6306A86C1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana:105:*:*:*:*:*:*:*", "matchCriteriaId": "088EF501-76F9-44EC-B8B9-AED6F6096C03", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana:106:*:*:*:*:*:*:*", "matchCriteriaId": "E0023602-B509-4B20-9B29-20EEE88E1692", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to run arbitrary script code, resulting in sensitive information being disclosed or modified.\n\n"}, {"lang": "es", "value": "La aplicaci\u00f3n F0743 Create Single Payment de SAP S/4HANA - versiones 100, 101, 102, 103, 104, 105, 106, no comprueba los archivos cargados o descargados. Esto permite a un atacante con derechos de usuario b\u00e1sicos ejecutar c\u00f3digo de script arbitrario, resultando en una divulgaci\u00f3n o modificaci\u00f3n de informaci\u00f3n confidencial"}], "id": "CVE-2022-22531", "lastModified": "2024-11-21T06:46:58.133", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-01-14T20:15:15.880", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/3112928"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/3112928"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}